This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new f9482e1d01 avcodec/nellymoserdec: Check block count to avoid integer
overflow
f9482e1d01 is described below
commit f9482e1d01d7ae9395194f3c84b1d67dfb65c645
Author: Marco Reimann <[email protected]>
AuthorDate: Tue Jun 23 04:14:59 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Fri Jun 26 21:14:51 2026 +0000
avcodec/nellymoserdec: Check block count to avoid integer overflow
Fixes: out of array access
Fixes: nelly.avi / gen_nelly_overflow.py
Fixes: pgc86PfE7ZpA
Fixes: 0eea21294354 (Add avcodec_decode_audio4().)
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavcodec/nellymoserdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 36477173ff..7037d6b0ba 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,8 +156,8 @@ static int decode_tag(AVCodecContext *avctx, AVFrame *frame,
blocks = buf_size / NELLY_BLOCK_LEN;
- if (blocks <= 0) {
- av_log(avctx, AV_LOG_ERROR, "Packet is too small\n");
+ if (blocks <= 0 || blocks > INT_MAX / NELLY_SAMPLES) {
+ av_log(avctx, AV_LOG_ERROR, "Packet is too small or too large\n");
return AVERROR_INVALIDDATA;
}
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]